PRIVILEGES for percona-online-schema-change
Updated at by ospiPrivileges at master host for making pt-online-schema-change
We're going to add an index to a table in narf schema. Easy mode ALL PRIVILEGES is too broad and it could be narrowed down.
GRANT ALL PRIVILEGES ON narf.* TO 'blonk'@'localhost' IDENTIFIED BY 'blonk'
GRANT SUPER, REPLICATION SLAVE, PROCESS ON *.* TO 'blonk'@'localhost';
Schema change itself
pt-online-schema-change -ublonk -pblonk --execute --alter="ADD INDEX derp (is_blirp, blerp, durp_id)" D=narf,t=teibol
Privileges for checking slave lag.
pt-osc executes SHOW TABLES FROM narf ... at slave(s) so it needs SELECT privilege in addition to REPLICATION CLIENT for polling slave lag. Database host running the pt-online-schema-change resides at IP 10.5.5.5.
GRANT REPLICATION CLIENT ON *.* TO 'blonk'@'10.5.5.5';
GRANT SELECT ON narf.* TO 'blonk'@'10.5.5.5';